CVE Catalog

CVE-2026-44941

High · CVSS 8.4

Exploitation Probability (EPSS)

Low risk
0.49%

38th percentile — higher than 38% of all known CVEs

Summary

A relative path traversal vulnerability exists in the handling of the "keyhint" option during repomd.xml parsing in libzypp before version 17.38.12. Attackers able to supply a malicious repository can inject or overwrite files on the target system as root.

Risk Assessment

The risk involves potential remote code execution or privilege escalation by overwriting critical system files, which could lead to full system compromise.

Recommendation

Immediately update libzypp to version 17.38.12 or later and avoid using untrusted repositories.

Original NVD description (English source)

A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS